Privacy Policy
Eye Web is committed to protecting the privacy and personal data of its users. This Privacy Policy transparently describes what data we collect, how we use it, how we protect it and what your rights are as a user.
The platform was built with the principle of privacy by design, ensuring that data protection is integrated into every component of the system from its inception.
Eye Web was designed to minimize personal data collection. The following data is never transmitted, stored or processed on our servers:
- Verified email addresses: Verification uses the K-Anonymity model — only a SHA-256 hash prefix is transmitted, making it impossible to reconstruct the original email.
- Passwords: Never leave your browser. Security verification is done entirely client-side, comparing local hashes with the Have I Been Pwned API.
- Verified URLs: Analyzed in encrypted form; results are cached without any association to the user or their session.
- Form data: No information entered in search fields is sent to internal or third-party databases.
Your password is never transmitted — not even partially. All verification occurs locally in your browser.
For the operation of the traffic monitoring and platform security system, we automatically collect the following data:
- IP Address: Logged for threat detection, attack protection and blocking of malicious access. IPs are stored temporarily and automatically deleted at the end of each day.
- Approximate geolocation: Country and city only, determined from the public IP. We do not use GPS or precise geolocation.
- User-Agent: To identify device type, operating system and browser, essential for detecting automated scanners and malicious behavior.
- Device fingerprint: Anonymous (non-reversible) hash to distinguish devices and improve threat detection accuracy.
- Pages visited: Only the page path, without query parameters or personal data.
- Access timestamp: Date and time of each visit for statistical analysis and attack pattern detection.
Traffic and monitoring data is automatically deleted at the end of each day (00:00 UTC). Before deletion, an aggregated statistical report (without personally identifiable data) is generated and kept for trend analysis.
Aggregated reports contain only numerical metrics: total visits, most visited pages, geographic distribution by country and device types — without any information that would allow identification of an individual user.
We implement multiple layers of protection to ensure data security:
- Mandatory HTTPS: All communications between the browser and our servers are encrypted with TLS/SSL.
- Rate limiting: Requests per IP are limited to prevent abuse and brute-force attacks.
- Scanner detection: Automatic identification and blocking of vulnerability scanning tools.
- Injection protection: Rigorous sanitization of all inputs to prevent SQL injection, XSS and other attack vectors.
- Automatic blocking: IPs exhibiting malicious behavior are automatically blocked by the defense system.
We use cookies minimally and transparently:
- Session cookies: Only for authentication via Supabase Auth. These are essential cookies necessary for the administration area to function.
- LocalStorage: Used for user preferences (such as theme and language) that remain exclusively on your device.
We do not use tracking cookies, third-party analytics, remarketing or advertising. Zero tracking.
We do not share, sell or transfer any personal data to third parties. The only external services used are:
- Have I Been Pwned API: For compromised credential verification. Only SHA-256 hash prefixes are sent (K-Anonymity).
- Supabase: For authentication and platform data storage, with encryption at rest and in transit.
- IP Geolocation: External service to determine country and city from the public IP, without sending additional personal data.
Under the General Data Protection Regulation (GDPR), as a user you have the right to:
- Access: Request information about the data we hold about you.
- Rectification: Correct incorrect or incomplete data.
- Erasure: Request the deletion of your personal data.
- Portability: Receive your data in a structured format.
- Objection: Object to data processing under certain circumstances.
To exercise any of these rights, contact us at the email address below. We will respond within 30 days.
This Privacy Policy may be updated periodically. Any changes will be published on this page with the corresponding update date. We recommend regularly checking this page.
Last updated: February 2026
For questions, inquiries or to exercise your privacy rights, you can contact us at: suporte@eyeweb.pt.